Tuesday, January 15, 2013

One of the first things a virus or worm does once it infects a computer is disable access to all tools and software that could be used to detect and possibly kill the malware. Built-in Windows programs such as the Task Manager, Group Policy Editor, and Registry Editor are usually the ones that go first. Some malware also disables third-party security software such as anti-virus programs, making it impossible to run a scan on the infected computer. Modern malware writers are clever enough not to allow installation of any new security software either, detecting installers at launch and terminating them. How does one deal with such an infection?

Malwarebytes thinks they might have a solution. They have created a new program called Malwarebytes Chameleon designed to download and install Malwarebytes Anti-Malware on the infected computer and get it running when it’s blocked by malicious programs.

Malwarebytes Anti-Malware is a malware detection and removal tool that can remove, according to the publisher, “all traces of malware including worms, trojans, rootkits, rogues, dialers, spyware and more.” The free version of the product lacks the real-time scanner and heuristic detection engine, but is otherwise identical to their pro offering. I don’t have much experience with this product, but it reportedly does a fair job.

After you download Malwarebytes Chameleon, assuming the malware hasn’t blocked your Internet connection, extract the contents of the ZIP file to a folder. Inside the folder you will find several executable files bearing names such as firefox.exe, iexplorer.exe, winlogon.exe, svchost.exe and rundll32.exe. These are all launchers for Malwarebytes Anti-Malware disguised as various files. Ignore them for the moment, and run the Help file included within.

In the help file page you will find 10 blue buttons that will launch these various launchers. Try the first button, and you should see the command prompt window open. If it does, it means the launcher has started and successfully killed the malicious process that is preventing Malwarebytes Anti-Malware from running. If the first button doesn't work, try the next one. If that one doesn't work, just keep trying until you find one that does.

If the help file will not open, simply try to run the files by double-clicking on them one by one until one of them remains open, then follow the onscreen instructions.

If Malwarebytes Anti-Malware is already installed on the computer, Chameleon will attempt to run it. If not, Chameleon will download the installer and install the anti-malware program on the computer. After this you can use Malwarebytes Anti-Malware as you normally would to run a Quick Scan and remove the malware.
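Because the launchers in the extracted folder deliberately carry system-file names such as winlogon.exe and svchost.exe, it is worth confirming they really come from the publisher before double-clicking any of them. The PowerShell check below is an added example, not part of the original post or of Malwarebytes' own tooling; the folder path and the publisher string matched against the signer are assumptions, as is the premise that the files are Authenticode-signed.

```powershell
# Added example: verify every executable in the extracted Chameleon folder
# before running it. Folder path and publisher string are assumptions.
param(
    [string]$Folder = 'C:\Tools\Chameleon',      # hypothetical extraction folder
    [string]$ExpectedPublisher = 'Malwarebytes'  # assumed text in the signer subject
)

$files = @(Get-ChildItem -Path $Folder -Filter *.exe -Recurse)
if ($files.Count -eq 0) {
    Write-Warning "No executables found under $Folder"
    exit 2
}

$results = $files | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    # Unsigned files have no signer certificate at all.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    New-Object PSObject -Property @{
        File    = $_.Name
        Status  = $sig.Status
        Signer  = $subject
        # Trusted only if the signature validates AND names the expected publisher.
        # The substring match is a coarse filter; compare the full subject or the
        # certificate thumbprint if you know the publisher's exact values.
        Trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedPublisher*")
    }
}

$results | Format-Table File, Status, Trusted, Signer -AutoSize

# Anything unsigned, tampered with, or signed by someone else gets flagged.
$bad = @($results | Where-Object { -not $_.Trusted })
if ($bad.Count -gt 0) {
    $names = ($bad | ForEach-Object { $_.File }) -join ', '
    Write-Warning "Do not run: $names"
    exit 1
}
Write-Output "All $($files.Count) executables are validly signed by a '$ExpectedPublisher' certificate."
```

If possible, run the check on a clean machine and carry the verified folder over on removable media, since an infected system can interfere with both the download and the signature check.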